HP 12500 Configuration Manual page 69

Figure 27 Network diagram
Configuration procedure
# Assign IP addresses to relevant interfaces and make sure the device and the HWTACACS server can
reach each other and the device and Host A can reach each other. (Details not shown.)
# Enable the Telnet server.
<Device> system-view
[Device] telnet server enable
# Enable scheme authentication for user interfaces VTY 0 through VTY 15.
[Device] user-interface vty 0 15
[Device-ui-vty0-15] authentication-mode scheme
# Enable command authorization for the user interfaces.
[Device-ui-vty0-15] command authorization
[Device-ui-vty0-15] quit
# Configure an HWTACACS scheme that uses the HWTACACS server at 192.168.2.20:49 for
authentication and authorization, uses the shared key expert, and removes domain names from
usernames sent to the HWTACACS server. (In this example the HWTACACS server provides
authentication and authorization services at port 49.)
[Device] hwtacacs scheme tac
[Device-hwtacacs-tac] primary authentication 192.168.2.20 49
[Device-hwtacacs-tac] primary authorization 192.168.2.20 49
[Device-hwtacacs-tac] key authentication expert
[Device-hwtacacs-tac] key authorization expert
[Device-hwtacacs-tac] server-type standard
[Device-hwtacacs-tac] user-name-format without-domain
[Device-hwtacacs-tac] quit
# For the system-predefined domain system, configure the authentication method for login users and the
command authorization method to use the HWTACACS scheme and, if the HWTACACS server is
unavailable, use local authentication and local authorization as the backup.
[Device] domain system
[Device-isp-system] authentication login hwtacacs-scheme tac local
[Device-isp-system] authorization command hwtacacs-scheme tac local
[Device-isp-system] quit
# Create local user monitor, set the password to 123, assign the Telnet service, and set the default
privilege level to 1.
[Device] local-user monitor class manage
[Device-luser-manage-monitor] password cipher 123
61